DCShop dcshop.cgi删除任意安装文件漏洞

DCShop dcshop.cgi删除任意安装文件漏洞

漏洞ID 1106653 漏洞类型 未知
发布时间 2002-03-25 更新时间 2002-08-12
图片[1]-DCShop dcshop.cgi删除任意安装文件漏洞-安全小百科CVE编号 CVE-2002-0492
图片[2]-DCShop dcshop.cgi删除任意安装文件漏洞-安全小百科CNNVD-ID CNNVD-200208-030
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21352
https://www.securityfocus.com/bid/89736
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-030
|漏洞详情
DCShop1.002Beta版本的dcshop.cgi存在漏洞。远程攻击者可以借助数据库参数的空字符删除任意安装文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/4356/info

DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

It is possible to overwrite setup files (*.setup) by submitting attacker-supplied form data followed by a null character (%00). The attacker must use the POST method to submit data that is content-type multipart/form-data compliant. 

curl -F [email protected] http://host/cgi-bin/dcshop.cgi

where test.txt contains databasename.setup[nullbyte].
|受影响的产品
Dcscripts Dcshop 1.002 Beta
|参考资料

来源:BUGTRAQ
名称:20020325dcshop.cgianybodycandelete*.setupfordatabase
链接:http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html

相关推荐: Sendfile Local Privileged Arbitrary Command Execution Vulnerability

Sendfile Local Privileged Arbitrary Command Execution Vulnerability 漏洞ID 1103289 漏洞类型 Access Validation Error 发布时间 2001-04-20 更新时间…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享